Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

build: [Snyk] Security upgrade @graphprotocol/graph-cli from 0.89.0 to 0.92.0 #3341

Merged
merged 1 commit into from
Jan 6, 2025
Merged

build: [Snyk] Security upgrade @graphprotocol/graph-cli from 0.89.0 to 0.92.0 #3341

merged 1 commit into from
Jan 6, 2025

Conversation

swirlds-automation
Copy link
Contributor

snyk-top-banner

Snyk has created this PR to fix 11 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • tools/subgraph-example/subgraph/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577916		   776  
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577917		   776  
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577918		   776  
high severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-8187303		   756  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		   696  
high severity Prototype Pollution
SNYK-JS-WEB3UTILS-6229337		   696  
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		   676  
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		   631  
high severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-8172694		   629  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		   586  
medium severity Cross-site Scripting (XSS)
SNYK-JS-AXIOS-6671926		   479  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 18, 2024
edited
Loading

Test Results

 20 files   -   3  274 suites   - 75   41m 42s ⏱️ - 7m 30s
613 tests  -   4  608 ✅ +  5  4 💤 ±0  1 ❌  -  9 
778 runs   - 131  768 ✅  - 121  8 💤 +1  2 ❌  - 11 

For more details on these failures, see this check.

Results for commit 38f5156. ± Comparison against base commit 13d09e9.

This pull request removes 4 tests. 
"before all" hook for "emits an approval event" ‑ RPC Server Acceptance Tests Acceptance tests @erc20 Acceptance Tests HTS token should behave like erc20 transfer from when the token owner is not the zero address when the recipient is not the zero address when the spender has enough allowance "before all" hook for "emits an approval event"
"before all" hook for "reverts" ‑ RPC Server Acceptance Tests Acceptance tests @erc20 Acceptance Tests HTS token should behave like erc20 transfer from when the token owner is not the zero address when the recipient is not the zero address when the spender does not have enough allowance when the token owner has enough balance "before all" hook for "reverts"
"before each" hook for "reverts" ‑ RPC Server Acceptance Tests Acceptance tests @erc20 Acceptance Tests HTS token should behave like erc20 transfer from when the token owner is not the zero address when the recipient is not the zero address when the spender does not have enough allowance "before each" hook for "reverts"
"before each" hook for "should execute "eth_getStorageAt" request to get current state changes" ‑ RPC Server Acceptance Tests Acceptance tests @api-batch-2 RPC Server Acceptance Tests "before each" hook for "should execute "eth_getStorageAt" request to get current state changes"

♻️ This comment has been updated with latest results.

@quiet-node quiet-node added the dependencies Pull requests that update a dependency file label Dec 18, 2024
@quiet-node quiet-node added this to the 0.63.0 milestone Dec 18, 2024
@quiet-node quiet-node force-pushed the snyk-fix-15ff623e12a876786bb14d455948736d branch from a79a04a to 38f5156 Compare December 18, 2024 16:27
@quiet-node quiet-node changed the title [Snyk] Security upgrade @graphprotocol/graph-cli from 0.89.0 to 0.92.0 build: [Snyk] Security upgrade @graphprotocol/graph-cli from 0.89.0 to 0.92.0 Dec 18, 2024
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@quiet-node quiet-node modified the milestones: 0.63.0, 0.64.0 Dec 26, 2024
acuarica
acuarica approved these changes Jan 6, 2025
View reviewed changes
Copy link
Contributor

@acuarica acuarica left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lg

@quiet-node quiet-node merged commit d22ae76 into main Jan 6, 2025
42 of 45 checks passed
@quiet-node quiet-node deleted the snyk-fix-15ff623e12a876786bb14d455948736d branch January 6, 2025 22:51
@codecov Codecov
Copy link

codecov bot commented Jan 6, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.11%. Comparing base (13d09e9) to head (38f5156).
Report is 3 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3341      +/-   ##
==========================================
- Coverage   85.30%   85.11%   -0.20%     
==========================================
  Files          69       69              
  Lines        4688     4688              
  Branches     1050     1050              
==========================================
- Hits         3999     3990       -9     
- Misses        374      389      +15     
+ Partials      315      309       -6
Flag Coverage Δ
config-service 98.14% <ø> (ø)
relay 79.72% <ø> (ø)
server 83.28% <ø> (ø)
ws-server 36.66% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 2 files with indirect coverage changes

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@acuarica acuarica acuarica approved these changes

@quiet-node quiet-node quiet-node approved these changes

@georgi-l95 georgi-l95 Awaiting requested review from georgi-l95 georgi-l95 is a code owner

@Ivo-Yankov Ivo-Yankov Awaiting requested review from Ivo-Yankov Ivo-Yankov is a code owner

Assignees

@swirlds-automation swirlds-automation

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
0.64.0
Development

Successfully merging this pull request may close these issues.
4 participants
@swirlds-automation @acuarica @quiet-node @snyk-bot